Pod Slurping: Threat or Hype?

By John P. Mello Jr.
Sep 29, 2005 7:58 AM PT

These days, a sure way to get attention to something is to associate it to Apple Computer's hot line of iPod digital music players -- even if that association is a dubious one. That seems to be the case with Pod Slurping.

A little over a year ago, Gartner Research in Stamford, Conn., cautioned corporate America about the threat that portable storage devices pose to its data. "Companies are at risk of losing intellectual property and other critical corporate data," Gartner maintained. "Portable storage devices are ideal for anyone intending to steal data."

Among the devices mentioned by Gartner that could be deployed for devious deeds were portable hard drives made by LaCie and Toshiba, USB "thumb" drives, digital cameras with flash cards and, yes, the iPod.

Slurp.exe

Gartner's report garnered headlines and inspired one security engineer, Abe Usher, to write in June a program, slurp.exe, that could be executed from an iPod, or any other removable storage device, and be used to rapidly suck files from any Windows computer.

"Using slurp.exe on my iPod, it took me 65 seconds to copy all document files (*.doc, *.xls, *.htm, *.url, *.xml, *.txt, etc.) off of my computer as a logged in user," Usher wrote on his blog, www.sharp-ideas.net. "Without a username and password, I was able to use a boot CDROM to bypass the login password and copy the document files from my hard drive to my iPod in about 3 minutes, 15 seconds."

How serious is the threat of Pod Slurping? "It's a real threat, but I consider it pretty minor in the overall scheme of things," Gartner Group Research Vice President Rich Mogull told TechNewsWorld.

"Can it be done?" he asked. "Absolutely. But it's not something we hear about every day."

Overblown Threat

"People abuse portable storage," he declared. "But I wouldn't get too hung up on this Pod Slurping business."

"We're a little bit worried about it, because people can put sensitive content onto these devices and move it around," he added, "but we're more worried about accidental loss of the devices than people using them for malicious purposes."

Vladimir Chernavsky, CEO of Advanced Force, a San Ramon, Calif. maker of software for controlling access to ports and devices on a network, characterized the Pod Slurping threat as "overblown."

Janitor as James Bond

"This possibility has been around for a long time," he told TechNewsWorld. "It's just that a guy decided to show how it works and how it's possible."

Chernavsky pointed out that the potential for mischief is very high. "All kinds of devices, like MP3 players, have built-in memory," he said. "Now every janitor can be equipped like a James Bond, capable of copying gigabytes of data onto to those devices."

But he discounted the breadth of the threat. "It sounds really cool, but I haven't heard of any cases where it's been used to steal data," he said.

Restrictions Difficult

That could be because enterprises usually turn down the volume when it comes to security breaches. "Companies don't necessarily share this type of information," Dor Skuller, Vice President for Business Development at Safend, a device monitoring software maker in Philadelphia, told TechNewsWorld.

"There are multiple cases, which I can't name for confidentiality reasons, in very large companies that have had these issues that have come to us for protection," he said.

Whether a company should be fretting about Pod Slurping depends on its industry, Mogull explained. "Industries with high-value intellectual property are more concerned about this than others," he said.

He noted that it can be troublesome for an organization to impose too heavy handed a policy on portable storage. "For many companies, employees need access to portable storage as part of doing their job, so it can be difficult to restrict them," he said.